NFL: League navigates cyber risk as draft moves online

NEW YORK (Reuters) - With countless hours of research and planning kept as closely guarded as the President’s nuclear football, cyber security is in focus for this week’s NFL Draft, as teams pivot to a “virtual” format on COVID-19 lockdown.

Usually Draft Day security involves little more than checking credentials and keeping fans in line, but as franchises take their operations online this Thursday, cyber security experts say teams are vulnerable to online mischief-makers.

“A lot of people like to do things not because they have any malice against you but they want to see if it will work or they want to get their name out there, they want to have their 15 minutes of fame,” Paul Vixie, the CEO and co-founder of Farsight Security, told Reuters.

Vixie said that the NFL Draft doesn’t offer much in the way of monetary appeal for hackers, but that he would “be much more worried about deliberate interference as performance art.”

The league declined to disclose its security measures but told Reuters they are “comprehensive and thoughtful,” and that they have provided best practices and are planning to run a system test with all 32 teams on Monday.

Individual clubs have been running their own mock drafts and the NFL will have also carried out a one-round draft simulation with clubs selecting former players before Thursday.

Ravens head coach John Harbaugh was among the first to voice concern over cyber security during the draft, telling reporters earlier this month that he is in frequent contact with his IT team but that he remains sceptical.

“They assure me we are doing everything humanly possible and I remind that that’s what Wells Fargo and all those other places said about our private information, so I have some real concerns,” said Harbaugh.

“I really wouldn’t want the opposing coaches to have our playbook or our draft meetings. That would be preferable.”

SIGNIFICANT RISK

During the draft, clubs will submit their selections to the NFL Player Personnel department through Microsoft Teams, the NFL said, adding that it had contingency plans in place in case of a tech malfunction.

Video conferencing application Zoom, which has faced criticism over security concerns, will be permitted for communication on an individual basis within clubs but not between teams and the league office.

“Assume what’s happening in Zoom is not staying in Zoom,” said Ekram Ahmed, a spokesperson for cyber security firm Check Point. “You just have to have that mentality.”

As millions across the globe moved business online as coronavirus lockdowns took effect, hackers have refocused their efforts toward “exploiting things around the home,” he said.

“The risk is significant, not just with Zoom but with any workplace online workplace or collaborative tool,” said Ahmed. “That’s just because since coronavirus has happened the attention of hackers has dramatically shifts towards exploiting almost anything that orbits around the home.”

The NFL logo is pictured at an event in the Manhattan borough of New York City, New York, U.S., November 30, 2017. REUTERS/Carlo Allegri

Coaches and scouts coordinating from home around the country will be relying on their IT departments more than ever to prevent embarrassing draft-night glitches.